Oracle To Serve Up 41 Patches Next Tuesday

By Jennifer Bosavage, CRN
April 11, 2008 4:20 PM ET

After you file your taxes on Tuesday, check out Oracle's critical patch update for April that contains 41 patch fixes.

The fixes are part of the company's regularly scheduled Critical Patch Updates (CPU). Seventeen of the fixes are for the Oracle Database, including two for Oracle Application Express. On Oracle's Website, it notes, "Two of these vulnerabilities may be remotely exploited without authentication, i.e. may be exploited over a network without the need for a username and password. None of these fixes are applicable to Oracle Database client-only installations, i.e. installations that do not have the Oracle Database installed."

Eleven of the security patches are for the Oracle E-Business Suite, with seven of the vulnerabilities potentially able to be remotely exploited without authentication. Oracle's Application Server has three vulnerabilities addressed by the upcoming CPU: all of them may be remotely exploited over a network without the need for a username and password.

Oracle E-Business Suite products use Oracle Database and Oracle Application Server products which have vulnerabilities fixed in this CPU.

The Critical Patch Update affects the following products:

Oracle Database 11g, version 11.1.0.6

Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3

Oracle Database 10g, version 10.1.0.5

Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV

Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.1.0, 10.1.3.3.0

Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.0.2, 10.1.2.1.0, 10.1.2.2.0

Oracle Application Server 10g (9.0.4), version 9.0.4.3

Oracle Collaboration Suite 10g, version 10.1.2

Oracle E-Business Suite Release 12, versions 12.0.0 - 12.0.4

Oracle E-Business Suite Release 11i, versions 11.5.9 - 11.5.10 CU2

Oracle PeopleSoft Enterprise PeopleTools versions 8.22.19, 8.48.16, 8.49.09

Oracle PeopleSoft Enterprise HCM versions 8.8 SP1, 8.9, 9.0

Oracle Siebel SimBuilder versions 7.8.2, 7.8.5

In other security related news, the company outlined its vision for service-oriented security this week. Oracle said that decoupling hard-coded security features from enterprise applications will create reusable, standards-based security services and protocols which any application can use. In addition, through SOA, Oracle aims to help organizations simplify and centralize several critical security processes including authentication, authorization, user administration, role management, identity virtualization and governance, and entitlement management, as well as audit and control.

Related: Videos | Slide Shows | ChannelCasts | Comments

More Applications & OS

Comments by Vanilla

	10 Letdowns From The Facebook IPO Filing It may make a lot of its employees millionaires, but Facebook's IPO filing was disappointing in a few areas.
	Seven Hot Business Apps For Mac OS X Macworld/iWorld, the new name for the Macworld expo, featured the first OS X Zone. The sold-out section of the showroom floor was dedicated to exhibitors with software and accessories for Apple's Mac desktops and laptops.
	The New Face Of Linux Distros In 2012 From specialized OSes for fixed functions like kiosks or security, to revamped GUIs on general operating systems, Linux desktops in 2012 are taking on a new look.
	More Slide Shows